2022 began with successful ransomware attacks against global IT and digital transformation providers, no thanks to the notorious LAPSUS$ ransomware gang. Discussion of ransomware impact has mostly centered on affected organizations. Rightly so, as victimized organizations usually suffer significant disruption to their operations. In 2021, the US Federal Bureau of Investigation received 3,729 […]

The post Quantifying the Social Impact of Ransomware and ESG Disclosure Implication appeared first on The State of Security.

Cybersecurity threats to manufacturing and process plants are coming from a wide range of attack vectors, including supply chain, logistics, enterprise computing, remote connections, operator stations, programmable logic controllers, distributed control systems (DCSs), smart sensors, and new smart devices. Internet of Things (IoT) technologies offer greater connectivity and endless applications, but they make the cybersecurity […]

The post What Is the ISA/IEC 62443 Framework? appeared first on The State of Security.

Oftentimes, three-letter acronyms trend and become buzzwords. At other times, they act as catalysts by influencing the business environment in which an organization operates. Such acronyms include CSR (corporate social responsibility), GRC (governance, risk, and compliance), and the most recent one, ESG (environmental, social, and governance). These are important business concepts that drive investment considerations […]

The post Exploring ESG Through a GRC Lens appeared first on The State of Security.

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard […]

The post PCI 4.0: The wider meanings of the new Standard appeared first on The State of Security.

In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain […]

The post What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9 appeared first on The State of Security.

Modern goods and services rely on a supply chain ecosystem: an interconnected network of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of components and software that often form a final […]

The post NIST SP 800-161r1: What You Need to Know appeared first on The State of Security.

The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, […]

The post What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4. appeared first on The State of Security.

Working in the Electric Utility sector of critical infrastructure gives a person a unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted services to a broad population. My personal experience as a software engineer in the electrical industry introduced me to the nuances that the average person […]

The post Navigating Cybersecurity with NERC CIP as the North Star appeared first on The State of Security.

My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions. Typically, I was advising entities across North America on different tactics, techniques, and insight from best practices I have seen. I wanted to share a […]

The post NERC CIP Audits: Top 8 Dos and Don’ts appeared first on The State of Security.

Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services. For hosted infrastructure, “catching up” presents an interesting set of challenges since […]

The post Regulatory Compliance in the Cloud: What you Need to Know appeared first on The State of Security.